Global Patent Index - EP 2523097 A1

EP 2523097 A1 20121114 - Modular exponentiation method and device resistant against side-channel attacks

Title (en)

Modular exponentiation method and device resistant against side-channel attacks

Title (de)

Modulare Potenzierung und Vorrichtung welche resistent sind gegen Seitenkanalangriffe

Title (fr)

Mise à la puissance modulaire et dispositif résistants aux attaques par canaux cachés

Publication

EP 2523097 A1 20121114 (EN)

Application

EP 12166750 A 20120504

Priority

  • EP 11176404 A 20110803
  • EP 11305568 A 20110511
  • EP 12166750 A 20120504

Abstract (en)

A modular exponentiation comprising iterative modular multiplication steps and taking as input a first modulus N, a secret exponent d and a base x. During at least one modular multiplication step that computes a result c from two values a, b and the first modulus N such that c = a · b mod N, a processor (120) takes as input the two values a, b and the first modulus N, from which two operands a', b' and a second modulus N' are obtained using operations of at most linear complexity; at least one of the two operands a', b' is different from the two values a, b, and the two operands a', b' are different when a is equal to b, so that, from a side-channel viewpoint, the modular multiplication c = a · b mod N behaves like a modular squaring except when a' equals b'. An intermediate result c' = a' · b' mod N' is computed, and the result c is derived from the intermediate result c' using an operation of at most linear complexity; the result c is then used in the modular exponentiation.
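The following is an added example, not code from the patent or its applicant. It instantiates the abstract's idea with an assumed transformation (a' = a + N, b' = b, N' = 2N, with a, b < N and c recovered from c' by one conditional subtraction), so that the hardware multiplier never receives two identical operands, whether the step is a genuine squaring or a multiplication. The "leakage" recorded here is a toy model, an assumption standing in for the operand-equality distinguisher the abstract is defending against: it flags whether both multiplier inputs were equal.

```python
# Added example (assumed instantiation, not the patent's claimed transformation).
# Toy leakage model (assumption): the multiplier "leaks" whether its two operands are equal.

def plain_mulmod(a, b, N, trace):
    """Reference multiplier: a squaring reaches it with a == b, and that is recorded."""
    trace.append(a == b)
    return (a * b) % N

def masked_mulmod(a, b, N, trace):
    """Transform (a, b, N) -> (a', b', N'), multiply, then map c' back to c.

    Assumed transformation: a' = a + N (differs from both a and b since a, b < N),
    b' = b, N' = 2N.  Then c' = a'.b' mod 2N satisfies c' mod N = a.b mod N,
    and c' mod N costs a single comparison and subtraction (linear complexity)."""
    a_, b_, N_ = a + N, b, 2 * N
    trace.append(a_ == b_)              # always False: no squaring-shaped operation is visible
    c_ = (a_ * b_) % N_                 # intermediate result c' = a'.b' mod N'
    return c_ - N if c_ >= N else c_    # derive c = c' mod N

def modexp(x, d, N, mulmod, trace):
    """Left-to-right square-and-multiply built on the chosen multiplier."""
    r = 1
    for bit in bin(d)[2:]:
        r = mulmod(r, r, N, trace)      # squaring step
        if bit == '1':
            r = mulmod(r, x, N, trace)  # multiplication step
    return r

def run(x, d, N, mulmod):
    """Run the exponentiation and return (result, operand-equality trace)."""
    trace = []
    return modexp(x, d, N, mulmod, trace), trace

def leaked_bits(trace):
    """Toy distinguisher: each squaring shows equal operands, so a squaring followed
    by a non-squaring operation means a 1 bit, a squaring alone means a 0 bit.
    Returns None if the trace does not fit that pattern (nothing to recover)."""
    bits, i = [], 0
    while i < len(trace):
        if trace[i] and i + 1 < len(trace) and not trace[i + 1]:
            bits.append(1); i += 2
        elif trace[i]:
            bits.append(0); i += 1
        else:
            return None
    return bits

if __name__ == "__main__":
    N, x, d = 3233, 4, 11                      # constructed toy parameters (61 * 53, d = 0b1011)
    print("plain :", run(x, d, N, plain_mulmod), "->", leaked_bits(run(x, d, N, plain_mulmod)[1]))
    print("masked:", run(x, d, N, masked_mulmod), "->", leaked_bits(run(x, d, N, masked_mulmod)[1]))
```

With the plain multiplier the trace reproduces the exponent bits; with the transformed operands every operation looks the same to this model and both variants return the same result.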

IPC 8 full level

G06F 7/72 (2006.01)

CPC (source: EP US)

G06F 7/722 (2013.01 - EP US); G06F 7/723 (2013.01 - EP US); G06F 7/724 (2013.01 - US); G06F 2207/7261 (2013.01 - EP US)

Citation (applicant)

  • Paul Kocher, Joshua Jaffe, Benjamin Jun: "Differential Power Analysis", Advances in Cryptology - CRYPTO'99, Lecture Notes in Computer Science vol. 1666, Springer-Verlag, 1999, pages 388-397
  • Paul C. Kocher: "Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems", Advances in Cryptology - CRYPTO'96, Lecture Notes in Computer Science vol. 1109, Springer-Verlag, 1996, pages 104-113
  • Jean-Sébastien Coron: "Resistance Against Differential Power Analysis for Elliptic Curve Cryptosystems", Cryptographic Hardware and Embedded Systems - CHES'99, Lecture Notes in Computer Science vol. 1717, Springer-Verlag, 1999, pages 292-302
  • Sung-Ming Yen, Marc Joye: "Checking before output may not be enough against fault-based cryptanalysis", IEEE Transactions on Computers, vol. 49, no. 9, 2000, pages 967-970, XP055268285
  • Sung-Ming Yen, Seung-Joo Kim, Seon-Gan Lim, Sang-Jae Moon: "A Countermeasure Against One Physical Cryptanalysis May Benefit Another Attack", Information Security and Cryptology - ICISC 2001, Lecture Notes in Computer Science vol. 2288, Springer-Verlag, 2002, pages 417-427
  • Benoit Chevallier-Mames, Mathieu Ciet, Marc Joye: "Low-Cost Solutions for Preventing Simple Side-channel Analysis: Side-Channel Atomicity", IEEE Transactions on Computers, vol. 53, no. 6, 2004, pages 760-768
  • Frédéric Amiel, Benoit Feix, Michael Tunstall, Claire Whelan, William P. Marnane: "Distinguishing Multiplications from Squaring Operations", Selected Areas in Cryptography - SAC 2008, Lecture Notes in Computer Science vol. 5394, Springer-Verlag, 2009, pages 346-360

Citation (search report)

[XI] US 2009175455 A1 20090709 - JOYE MARC [FR]

Designated contracting state (EPC)

AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

Designated extension state (EPC)

BA ME

DOCDB simple family (publication)

EP 2523096 A1 20121114; BR 102012010971 A2 20131112; CA 2775325 A1 20121111; CN 102779022 A 20121114; CN 102779022 B 20170301; EP 2523097 A1 20121114; EP 2523097 B1 20160120; HK 1176423 A1 20130726; JP 2012239171 A 20121206; JP 5977996 B2 20160824; MX 2012005408 A 20121121; US 2012290634 A1 20121115; US 8984040 B2 20150317

DOCDB simple family (application)

EP 11176404 A 20110803; BR 102012010971 A 20120509; CA 2775325 A 20120424; CN 201210145594 A 20120511; EP 12166750 A 20120504; HK 13103264 A 20130315; JP 2012107478 A 20120509; MX 2012005408 A 20120509; US 201213469139 A 20120511